offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming

Go to offsec.tools

Tools featured this week

Focuses DNS MX records and detects misconfigured MX records.

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.

Free, online web security training from the creators of Burp Suite.

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.

C2 and proxy designed to help in the exploitation of XSS and malicious Service Workers.

Free web-application vulnerability and version scanner.

Set as many exfiltration, techniques that CAN be used to bypass various.

Automatically attempts default creds on found services based on Nmap output.

A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks.

Crawls the website and finds broken social media links that can be hijacked

	SysReptor
	Easy and customisable pentest report creator based on simple web technologies.

	LaZagne
	Credentials recovery project.

	cloudsploit
	Cloud Security Posture Management (CSPM).

	archerysec
	Automate your application security orchestration and correlation (ASOC).

	DNSExfiltrator
	Data exfiltration over DNS request covert channel.

	csrf-scanner
	CSRF Scanner Extension for Burp Suite Pro.

	additional-scanner-checks
	Collection of scanner checks missing in Burp.

	403-bypasser
	A Burp Suite extension made to automate the process of bypassing 403 pages.

	json-web-tokens
	JSON Web Tokens Support for Burp Suite.

	co2
	A collection of enhancements for Portswigger's popular Burp Suite web penetration testing tool.

	Seela
	Boost the cybersecurity skills of your teams with the cyber knowledge library.

Go to offsec.tools